Exploiting Concurrency Vulnerabilities in System Call Wrappers

Abstract

System call interposition allows the kernel security model to be extended.
However, when combined with current operating systems, it is open to
concurrency vulnerabilities leading to privilege escalation and audit bypass.
We discuss the theory and practice of system call wrapper concurrency
vulnerabilities, and demonstrate exploit techniques against GSWTK, Systrace,
and CerbNG.